AMENDMENTS TO THE CLAIMS

Pursuant to 37 C.F.R. § 1.121, the following listing of claims will replace all prior versions
and listings of claims in the application.

Listing Of Claims 

1. (Currently amended) A method for a roaming user to establish a security association
with an application server in a visited network, wherein the roaming user has completed a mutual
authentication with a Bootstrapping Server Function (BSF) that performs user identity initial
verification in a generic authentication architecture in his home network, and obtained a
Bootstrapping-Transaction Identifier (B-TID) assigned to him by the BSF, comprising:

after receiving a service request message, by the application server in the visited network,
from the roaming user containing with the B-TID carried in the message,

obtaining, by the application server in the visited network, obtaining the roaming user's user
information comprising the user authentication results of the generic authentication
architecture in the roaming user's home network, wherein the user information is associated with the
B-TID; and

establishing a security association with the roaming user, by the application server in the 
visited network, according to the user authentication results of the generic authentication 
architecture in the roaming user's home network.

2. (Currently amended) The method according to Claim 1, wherein, the step of obtaining the
roaming user's user information comprises: 

the application server in the visited network sending a query message to an authentication 
entity in the local network to inquire the user information associated with the B-TID; 

the authentication entity which received the message finding out the home network to which 
the user belongs according to the B-TID in the message, and acquiring the user information 
associated with the B-TID from the BSF in the roaming user's home network, and returning the
acquired the user information to the application server; and

the application server in the visited network obtaining the user information according to a 
response message returned from the authentication entity.

3. (Currently amended) The method according to Claim 2, the authentication entity in the 
visited network is a BSF or a generic authentication architecture proxy in the visited network; 

the step of the BSF or the generic authentication architecture proxy in the visited network 
acquiring the user information associated with the B-TID from the roaming user's home network 
comprises: 

the BSF or the generic authentication architecture proxy in the visited network directly 
sending a query message to the BSF in the roaming user's home network, inquiring about the user 
information associated with the B-TID; and obtaining the user information associated with the
B-TID from the response message returned by the BSF in the roaming user's home network.

4. (Original) The method according to Claim 3, wherein the generic authentication 
architecture proxy in the visited network is an independent server, or a server combined with an 
AAA server in the local network, or a server combined with the application server in the local 
network. 

5. (Currently amended) The method according to Claim 2, wherein, the authentication 
entity in the visited network is the AAA server in the visited network;

the step of the AAA server in the visited network acquiring the user information associated 
with the B-TID from the BSF in the roaming user's home network comprises: 

the AAA server in the visited network sending a query message to the AAA server in the 
roaming user's home network, inquiring about the information associated with the B-TID; and

the AAA server in the home network inquiring of the BSF in the local network, after the 
BSF in the local network finding finds the user information associated with the B-TID, it returning a 
response message, with the user information associated with the B-TID in it, to the local AAA 
server, and the AAA server returning a response message, with the user information associated with 
the B-TID in it, to the AAA server in the visited network; the AAA server in the visited network 
obtaining the user information associated with the B-TID from the response message returned by 
the AAA server in the roaming user's home network.

6. (Currently amended) The method according to Claim 1, wherein, the step of obtaining the
roaming user's user information comprises: 

the application server in the visited network notifying the roaming user that the B-TID is an
illegal identity, and indicating to the user that it should te use a permanent identity; 

having received the service request message from the roaming user again, with the 
permanent identity carried in the message, the application server in the visited network sending an 
authentication request to a AAA server in the local network; the AAA server in the visited network 
finding out the user's home network according to the user's permanent identity, and sending another 
authentication request to the AAA server in the roaming user's home network; 

having received the authentication request from the AAA server in the visited network, the 
AAA server in the home network sending a request to the BSF in the local network for 
authentication of the user; 

the BSF in the home network carrying out mutual authentication with the user via the AAA
server in the local network, the AAA server in the visited network and the application server in the 
visited network, after successful authentication, the BSF in the home network directly returning a 
successful authentication message carrying the user information to the AAA server in the local 
network, and the AAA server in the local network returning the successful authentication message to 
the AAA server in the visited network; and 

the application server in the visited network obtaining the roaming user's user information 
from the successful authentication message returned by the AAA server in the local network. 

7. (Original) The method according to Claim 1, wherein the user information comprises at 
least: key information and the user's identity. 

8. (Original) The method according to Claim 2, wherein the user information comprises at
least: key information and the user's identity.

9. (Original) The method according to Claim 6, wherein the user information comprises at 
least: key information and the user's identity.

10. (Original) The method according to Claim 7, wherein the user information also
comprises the profile information associated with security. 

11. (Original) The method according to Claim 8, wherein the user information also 
comprises the profile information associated with security. 

12. (Original) The method according to Claim 9, wherein the user information also 
comprises the profile information associated with security. 

13. (Original) The method according to Claim 7, wherein the key information is a shared 
key Ks generated in authentication, or a Ks-derived key and its valid term. 

14. (Original) The method according to Claim 8, wherein the key information is a shared 
key Ks generated in authentication, or a Ks-derived key and its valid term. 

15. (Original) The method according to Claim 9, wherein the key information is a shared 
key Ks generated in authentication, or a Ks-derived key and its valid term. 
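
The lookup flow recited in claims 1 to 3, shown as an added Python example that is not part of the application. It assumes a B-TID of the form base64(RAND)@BSF-domain (the 3GPP TS 33.220 format, not stated in these claims), uses HMAC-SHA256 as a stand-in for the real key derivation, and all names and sample values are constructed.

```python
import base64
import hashlib
import hmac

# Constructed sample state of a home-network BSF: B-TID -> bootstrapped context.
RAND = base64.b64encode(b"\x01" * 16).decode()
HOME_BSF = {
    "bsf.home.example": {
        f"{RAND}@bsf.home.example": {
            "identity": "user@home.example",
            "ks": b"\x11" * 32,   # shared key Ks from bootstrapping
            "expires": 2_000,     # valid term (constructed timestamp)
        }
    }
}

def home_bsf_query(realm, b_tid, naf_id):
    """Home BSF: return user information for a B-TID, never the raw Ks."""
    ctx = HOME_BSF.get(realm, {}).get(b_tid)
    if ctx is None:
        return None
    # Assumption: HMAC-SHA256 stands in for the Ks-derived key computation.
    key = hmac.new(ctx["ks"], naf_id.encode(), hashlib.sha256).digest()
    return {"identity": ctx["identity"], "key": key, "expires": ctx["expires"]}

def visited_auth_entity(b_tid, naf_id):
    """Visited BSF or GAA proxy (claims 2-3): find the home network from the B-TID."""
    rand_part, sep, realm = b_tid.partition("@")
    if not sep or not rand_part or not realm:
        raise ValueError("malformed B-TID")
    return home_bsf_query(realm, b_tid, naf_id)

def establish_sa(b_tid, naf_id, now):
    """Visited application server (claim 1): build an SA from the home result."""
    info = visited_auth_entity(b_tid, naf_id)
    if info is None:
        return None   # unknown B-TID or home network: no security association
    if now >= info["expires"]:
        return None   # valid term lapsed: the user must bootstrap again
    return {"peer": info["identity"], "key": info["key"],
            "valid_until": info["expires"]}
```

Deriving the key per application server means a visited server never holds Ks itself, and a key released to one server is useless at another.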